Compliance: what does it mean for databases?

Compliance is the general term used to describe the efforts made by many - typically larger - organizations to meet regulatory standards.

In the US, the most important compliance regulations are the Sarbanes–Oxley Act of 2002 (SOX) for public companies and the Statement on Auditing Standards No. 70: Service Organizations (SAS70) for private organizations.

Other compliance regulations include:

In the UK, the Financial Services Authority (FSA) also maintains regulatory requirements.

The majority of this legislation deals with increasing accountability in the wake of some highly visible and damaging breaches of public trust. It gives rise to a need for more reliable paper trails, security and access controls, detailed and reliable monitoring, and change histories.

The impact on database professionals

Regulatory compliance has an impact throughout an organization, from finance departments and CIOs to individual developers and database administrators (DBAs). For example, compliance auditors will require DBAs - the custodians of a company's critical data - to account for all changes to a database, and detail all those with access to it.

This means they must be able to demonstrate that they have processes in place to:

Unfortunately, these are areas where database development has long lagged behind wider application development.

The nature of database code has historically been seen as a barrier to the implementation of change management, and therefore the maintenance of an audit trail. Many databases even go into production without any clear and meaningful history of changes, and auditors may regard this as an unacceptable avenue of risk.

An audit trail for SQL Development

Introducing source control to the development process lets you know who changed what, when, and why. It is therefore the first step in getting databases ready for compliance.

SQL Source Control integrates with existing source control systems and SQL Server Management Studio, so there is no need to change the way you work. This eases adoption, giving you a database development audit trail with minimal disruption.

Preparing for compliance with the SQL Developer Bundle

Compliance requires strict process enforcement and information management. Although no single tool can solve an organization's compliance problems in their entirety, the SQL Developer Bundle presents a package of solutions to some of the most painful and costly database development and deployment problems. Undocumented code and poor change tracking expose you to risk, and the tools in the SQL Developer Bundle seek to mitigate that risk with minimal overheads.

To give a simple example: it is compliance best practice to document changes to schemas and application data. SQL Source Control allows you to preserve an incremental history of these changes: who made them, why, and when. SQL Compare and SQL Data Compare can not only deploy these changes, but also produce detailed reports of the differences between databases and of the final changes you deploy. In addition, SQL Doc produces thorough schema documentation, and SQL Data Generator allows you to test databases with realistic data in cases where sensitive production data cannot be used. This means you can begin to form a database audit trail with minimal extra investment and disruption.
